Khika Data Format

Revision as of 10:49, 29 May 2019 by Rajesh kulkarni

KHIKA Data Format is a simple single-line string format: each message begins with the epoch time, followed by a colon (":") character, followed by key-value pairs. Every message must have an event_str key and value.

Example: 1559126565 : tl_src_host my_laptop src_ip 192.168.1.100 dst_ip 8.8.8.8 src_port 176532 dst_port 53 event_str firewall_message

Though it is not compulsory, we HIGHLY recommend enclosing every key and value in double quotes. This takes care of any space characters within a key or value.

So, the above message is better formatted as below:

1559126565 : "tl_src_host" "my_laptop" "src_ip" "192.168.1.100" "dst_ip" "8.8.8.8" "src_port" "176532" "dst_port" "53" "event_str" "firewall_message"
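
The following Python sketch is an added example, not KHIKA's own code: it writes and validates lines in the format described above. The function names format_khika and parse_khika are hypothetical, and because this page defines no escape for a double quote or newline inside a value, the sketch assumes such input must be rejected rather than written, so that untrusted field data cannot add extra keys or a second message.

```python
import re

# A token is a double-quoted run (may contain spaces) or a bare run of non-space characters.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def format_khika(epoch, fields):
    """Build one KHIKA line with every key and value double-quoted."""
    if "event_str" not in fields:
        raise ValueError("event_str is mandatory")
    parts = []
    for key, value in fields.items():
        for item in (str(key), str(value)):
            # Assumption: no escape syntax is documented, so reject '"' and line breaks.
            if '"' in item or "\n" in item or "\r" in item:
                raise ValueError(f"cannot encode {item!r} on a single line")
            parts.append(f'"{item}"')
    return f"{int(epoch)} : " + " ".join(parts)

def parse_khika(line):
    """Return (epoch, fields); raise ValueError if the line is malformed."""
    # The epoch comes first, so the first ':' is the separator; later colons belong to values.
    head, sep, body = line.partition(":")
    if not sep or not head.strip().isdecimal():
        raise ValueError("line must start with epoch time followed by ':'")
    tokens = []
    for m in _TOKEN.finditer(body):
        token = m.group(1) if m.group(1) is not None else m.group(2)
        if m.group(1) is None and '"' in token:
            raise ValueError(f"unbalanced double quote near {token!r}")
        tokens.append(token)
    if len(tokens) % 2:
        raise ValueError("key without a value")
    fields = dict(zip(tokens[0::2], tokens[1::2]))
    if "event_str" not in fields:
        raise ValueError("event_str is mandatory")
    return int(head), fields

# Constructed sample: the value containing a space survives because it is quoted.
SAMPLE = format_khika(1559126565, {"src_ip": "192.168.1.100", "event_str": "firewall message"})
```
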